RSA is claiming to have made a “giant leap” in how it provides authentication, using its Big Data expertise to prove users are who they say they are.

The security giant, speaking at the RSA 2013 conference in San Francisco, said it was providing IT teams with “near infinite combinations” of over 100 risk factors that can be used to determine the validity of someone logging in, with the launch of Authentication Manager 8.

“Identity must be determined by a rich profile, made up of a near infinite number of combinations,” said Manoj Nair, senior vice president and general manager for RSA Identity & Data Protection, during a pre-brief yesterday evening.

RSA still pushing the password

RSA is using its Bayesian, self-learning risk algorithm that underpins all of its authentication services to power the product. Buyers will also get software tokens to create tokens can be created without having to be sent over the Internet, RSA said.

Customers can choose whether they want to use SecurID hardware as tokens, or software-based authenticators.

RSA is sticking with the old username and password paradigm, however, which many believe should be eradicated from businesses and the Web itself. The anti-password brigade believe that because of the quality of cracking tools, backed by powerful GPUs, login details can be stolen and decrypted with ease.

But RSA believes its Big Data approach, which silently does risk assessment work in the background by analysing a significant number of risk factors, is the best approach. Authentication Manager 8 will be made available some time in the first quarter of 2013.

“This intelligence-led approach needs more thorough understanding of risk… to understand the threat that is coming from outside in,” said Art Coviello, executive chairman of RSA.

“If we adopt this model, we can get ahead of [cyber criminals] in certain instances, even in the face of a lot of uncertainty.”